CVE-2026-0539

CVSS v4.0

8.5

High

AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions pcvisit versions 22.6.22.1329 through 25.12.3.1744

Description Incorrect default permissions in the pcvisit service binary on Windows allow a low-privileged local attacker to escalate their privileges. An attacker can overwrite the service binary with arbitrary contents, which is then automatically launched with NTSYSTEM privileges during boot.

Recommendations Update to version 25.12.3.1745.

Fix

LPE

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2026-0539

Affected Products

Pcvisit

CVE-2026-0539

Weakness Enumeration

Related Identifiers

Affected Products

References · 5